Commit ba0d49a0 authored by Dietrich Ayala

Merge branch 'revocation' into 'main_publish'

Separate out certificate revocation checking

See merge request cyber/stan4cr2/en-304-617!40
parents 6360cdf8 cfb79891
+3 −1
@@ -532,7 +532,7 @@ Note: These algorithms are listed on page 37-38 of [1](https://certification.eni

<mark>Editor's note: This requirement might be implied by Annex K. TODO: Research this interpretation and delete if redundant.</mark>

**[REQ-TLS-CON-2]**: The product shall check the full validity of certificate chain through to the root, including for expiration and revocation.
**[REQ-TLS-CON-2]**: The web browser shall check the full validity of certificate chain through to the root, including for expiration.

**[REQ-TLS-CON-3]**: The product shall warn or obstruct the user from interacting with content served over insecure connections, including expired certificates and insecure TLS configurations.
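
Review bot: Dropping "and revocation" from REQ-TLS-CON-2 leaves no requirement in this diff that covers revocation of the end-entity (leaf) certificate, because the new REQ-TLS-CON-6 is worded for "CA certificates" only. If leaf revocation is intentionally out of scope, say so in a NOTE under this requirement; otherwise widen REQ-TLS-CON-6 or keep a per-connection revocation clause here. The subject also changes from "The product" to "The web browser" while REQ-TLS-CON-3 directly below still says "The product", so one term should be used throughout, and "validity of certificate chain" is missing an article ("of the certificate chain").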

@@ -542,6 +542,8 @@ Example: When presenting content served with cryptographic methods with a certai

Example: Implementation of HSTS [i.8], active mixed content blocking [i.9], and HTTPS-First loading strategies.

**[REQ-TLS-CON-6]**: The web browser shall have a mechanism to respond to the revocation or loss of trust of CA certificates.

**[REQ-EXT-CON-1]**: The product shall prevent secrets stored by extensions from being read by other extensions or by web content.

NOTE: This requirement addresses the platform-enforced isolation boundary between extensions, and between extensions and web content. It does not address application-level leaks within an extension's own code.
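
Review bot: The added REQ-TLS-CON-6 ("shall have a mechanism to respond to the revocation or loss of trust of CA certificates") is hard to assess as written, since it names neither the trigger nor the required outcome. Suggest stating the observable behaviour, for example that a chain leading to a revoked or distrusted CA certificate fails the validity check in REQ-TLS-CON-2, and stating whether the mechanism has to work without a full product update. It also uses "The web browser" while REQ-EXT-CON-1 immediately after it uses "The product", so the subject should be aligned.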